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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Currently Amended) At a requesting computing system that is communicatively 
connectable to a providing computing system, the requesting computing system including 
requesting instructions that can attempt to interact with a providing application at the providing 
computing system, a method for providing information that can be used to verify measurable 
aspects of the requesting computing system, the method comprising: 

determining that the providing computing system is appropriately configured to 
issue challenges to components included in the requesting computing system; 

determining that the providing application is appropriately configured to issue 
challenges to the requesting instructions; 

receiving a challenge initiated by the providing application, the challenge including 
information indicating how the requesting computing system is to prove that the requesting 
computing system is appropriately configured to access a resource , the information 
comprising at least the identity of a region within a portion of instructions at the requesting 
computing system computed from a first random value and a second random value ; 

formulating proof, based on a measurable aspect of the requesting computing 
system's configuration, that the measurable aspect of the requesting computing system's 
configuration is appropriate for accessing a resource; and 

submitting an assertion that can be used to verify that the requesting computing 
system is appropriately configured to access a resource. 
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2. (Previously Presented) The method as recited in claim 1, wherein 
determining that the providing computing system is appropriately configured to issue challenges to 
components included in the requesting computing system comprises an act of establishing a Secure 
Sockets Layer (SSL) connection between the requesting computing system and the providing 
computer system. 

3. (Original) The method as recited in claim 1, wherein the act of determining that 
the providing application is appropriately configured to issue challenges to the requesting 
instructions comprises receiving proof that the providing application complies with one or more 
security and trust policies of the requesting computing system. 

4. (Previously Presented) The method as recited in claim 1, wherein receiving a 
challenge that was initiated by the providing application comprises receiving a request for proof of 
the values of one or more measurable aspects of the requesting computer system. 

5. (Original) The method as recited in claim 1, wherein the submitted assertion 
includes the values of one or more measurable aspects of the requesting computer system. 

6. (Original) The method as recited in claim 1, wherein the submitted assertion 
indicates the identity of one or more portions of the requesting instructions. 

7. (Original) The method as recited in claim 1, wherein the act of submitted 
assertion indicates an execution environment of the requesting code. 
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8. (Currently Amended) At a providing computing system that is communicatively 
connectable to a requesting computing system, the providing computing system including a 
providing application that can attempt to interact with ^requesting instructions at the requesting 
computing system, a method for verifying measurable aspects of the requesting computing system, 
the method comprising: 

proving that the providing computing system is appropriately configured to issue 
challenges to components of the requesting computing system; 

using a first random value and a second random value to identify one or more 
regions within a portion of instructions at the requesting computing system; 

causing a configuration challenge to be issued to the requesting instructions, the 
challenge including information indicating how the requesting computing system is to 
prove that the requesting computing system is appropriately configured to access a 
resource , the information comprising at least the identity of a region within a portion of 
instructions at the requesting computing system computed from a first random value and a 
second random value ; 

receiving an assertion that can be used to verify that the requesting instructions are 
configured appropriately for interacting with the providing application, the assertion 
including information based at least in part upon both a measurable aspect of the requesting 
system is configured and the information indicating how the requesting computing system 
is to prove that the requesting computing system is appropriately configured. 



Page 4 of 1 6 



Application No. 10/827,082 

Amendment "C" dated March 26, 2008 

Reply to Final Office Action mailed December 26, 2007 

9. (Previously Presented) The method as recited in claim 8, wherein the act of 
proving that the providing computing system is appropriately configured to issue challenges 
comprises an act of establishing a Secure Sockets Layer (SSL) connection between the providing 
computing system and the requesting computing system. 

10. (Original) The method as recited in claim 8, wherein the act of proving that the 
providing application is appropriately configured to issue challenges to the requesting instructions 
comprises an act of sending proof that the providing application complies with one or more 
security and trust policies of the requesting computing system. 

11. (Previously Presented) The method as recited in claim 8, wherein causing a 
challenge to be issued to the requesting computing system comprises an act of requesting proof of 
the values of one or more measurable aspects of the requesting computer system. 

12. (Previously Presented) The method as recited in claim 8, wherein receiving 
an assertion comprises an act of receiving proof of the identity of one or more portions of the 
requesting instructions. 

13. (Previously Presented) The method as recited in claim 8, wherein receiving 
an assertion comprises an act of receiving proof of the values of one or more measurable aspects 
of an execution environment at the requesting computer system. 

14-20. (Cancelled). 
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21. (Currently Amended) At a requester that is communicatively connectable to a 
provider, a method for authorizing the requester to interact with the provider, the method 
comprising: 

sending a request to the provider; 

receiving a configuration challenge from the provider, the configuration challenge 
including information indicating how the requester is to prove that the requester is 
appropriately configured to interact with the provider; 

formulating proof, based on a measurable aspect of the requester's configuration, 
that the measurable aspect of the requesting computing system's configuration is 
appropriate for accessing a resourc e the measurable aspect comprising at least a region 
within a portion of executable instructions ; 

sending proof of the values of one or more measurable aspects of the requester to 
the provider; and 

receiving a token that can be used to prove that the requester is appropriately 
configured. 

22. (Original) The method as recited in claim 21 , wherein the act sending a request 
to the provider comprises an act of sending a challenge along with the request, the challenge 
indicating how the provider is to prove that the provider is appropriately configured to issue 
configuration challenges to the requester. 
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23. (Original) The method as recited in claim 21, wherein the act of receiving a 
configuration challenge from the provider comprises an act receiving a configuration challenge 
along with proof that the provider is appropriately configured to issue configuration challenges to 
the requester. fc . 

24. (Original) The method as recited in claim 21, wherein the act of sending proof 
of the values of one or more measurable aspects of the requester to the provider comprises an act 
of sending a challenge along with the proof of the values of one or more measurable aspects, the 
challenge indicating how the provider is to prove that the provider is appropriately configured to 
issue configuration challenges to the requester. 

25. (Original) The method as recited in claim 21, wherein an act of receiving a 
token comprises an act of receiving a token along with proof that the provider is appropriately 
configured to issue configuration challenges to the requester. 
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26. (Currently Amended) At a provider that is communicatively connectable to a 
requester, a method for authorizing the requester and the provider to interact with the provider, the 
method comprising: 

an act of receiving a request from the requester; 

an act of causing a configuration challenge to be issued to the requester, the 
configuration challenge requesting proof that the requester is appropriately configured to 
interact with the provider; 

an act of receiving proof of the values of one or more measurable aspects of the 
requester's configuration the one or more measurable aspects comprising at least a region 
within a portion of executable instructions ; and 

an act of sending a token that can subsequently be used to prove that the requester is 
appropriately configured. 

27. (Original) The method as recited in claim 26, wherein the an act of receiving a 
request comprises an act of receiving a challenge along with the request, the challenge requesting 
proof that the provider is appropriately configured to issue configuration challenges to the 
requester. 

28. (Original) The method as recited in claim 26, wherein the act of causing a 
configuration challenge to be issued to the requester comprises an act of sending a configuration 
challenge along with proof that the provider is appropriately configured to issue configuration 
challenges to the requester. 
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29. (Original) The method as recited in claim 26, wherein the act of receiving proof of 
the values of one or more measurable aspects of the requester's configuration comprises an act of 
receiving a challenge along with the proof of the values of the one or more measurable aspects, the 
challenge requesting proof that the provider is appropriately configured to issue configuration 
challenges to the requester. 

30. (Original) The method as recited in claim 26, wherein that act of sending a token 
comprises sending a token along with proof that the provider is appropriately configured to issue 
configuration challenges to the requester. 

31. (Cancelled). 
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32. (Previously Presented) A computer program product for use in a computing system 
having a requester that is communicatively connectable to a provider, the computer program 
product for implementing a method for authorizing the requester to interact with the provider, the 
computer program product comprising one or more computer-readable physical storage media 
having stored thereon computer-executable instructions that, when executed by a processor, cause 
the computing system to perform the method of claim 21. 
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33. (Previously Presented) A computer program product for use in a computing system 
having a provider that is communicatively connectable to a requester, the computer program 
product for implementing a method for authorizing the requester and the provider to interact with 
the provider, the computer program product comprising one or more computer-readable physical 
storage media having stored thereon computer-executable instructions that, when executed by a 
processed, cause the computing system to perform the method of claim 26. 
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